author | Dirkjan Bussink <d.bussink@gmail.com> | 2020-12-22 19:23:13 +0100 |
---|---|---|
committer | Jakub Jelen <jjelen@redhat.com> | 2021-01-11 10:45:22 +0100 |
commit | da36ecd6f25027c8767cd1132229450d699bd49f (patch) | |
tree | 5cd90bb5a94962e8e87b88b6efdec2aaaf278759 /src/libcrypto.c | |
parent | 385ac0911dfc4db7955a0a8ee78b6b0cd189026d (diff) | |
Move HMAC implementation to EVP API
Now that the minimum OpenSSL version is 1.0.1, we know that the EVP HMAC
API is always available. This switches to this API. The existing API is
deprecated for OpenSSL 3.0.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src/libcrypto.c')
-rw-r--r-- | src/libcrypto.c | 37 |
1 files changed, 27 insertions, 10 deletions
diff --git a/src/libcrypto.c b/src/libcrypto.c
index c82b4b5e..a9fecbe4 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -423,42 +423,59 @@ int ssh_kdf(struct ssh_crypto_struct *crypto,
 HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type)
 {
 HMACCTX ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ int rc = -1;
- ctx = HMAC_CTX_new();
+ ctx = EVP_MD_CTX_new();
 if (ctx == NULL) {
 return NULL;
 }
+ pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, len);
+ if (pkey == NULL) {
+ goto error;
+ }
+
 switch (type) {
 case SSH_HMAC_SHA1:
- HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey);
 break;
 case SSH_HMAC_SHA256:
- HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, pkey);
 break;
 case SSH_HMAC_SHA512:
- HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_sha512(), NULL, pkey);
 break;
 case SSH_HMAC_MD5:
- HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);
+ rc = EVP_DigestSignInit(ctx, NULL, EVP_md5(), NULL, pkey);
 break;
 default:
- HMAC_CTX_free(ctx);
- ctx = NULL;
+ rc = -1;
+ break;
 }
+ EVP_PKEY_free(pkey);
+ if (rc != 1) {
+ goto error;
+ }
 return ctx;
+
+error:
+ EVP_MD_CTX_free(ctx);
+ return NULL;
 }
 void hmac_update(HMACCTX ctx, const void *data, unsigned long len)
 {
- HMAC_Update(ctx, data, len);
+ EVP_DigestSignUpdate(ctx, data, len);
 }
 void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len)
 {
- HMAC_Final(ctx, hashmacbuf, len);
- HMAC_CTX_free(ctx);
+ size_t res;
+ EVP_DigestSignFinal(ctx, hashmacbuf, &res);
+ EVP_MD_CTX_free(ctx);
+ *len = res;
 }
 static void evp_cipher_init(struct ssh_cipher_struct *cipher) |
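Review bot: In `hmac_final`, `res` is declared without an initial value and the result of `EVP_DigestSignFinal()` is ignored, so on failure `*len = res;` copies an indeterminate value to the caller and `hashmacbuf` may never have been written. OpenSSL also documents the length argument as an input holding the buffer size when the output pointer is non-NULL, so it should be set before the call; the capacity of `hashmacbuf` is not visible in this hunk, and `size_t res = *len;` is right only if callers pre-load `*len` with it. I would write `*len` only on success, e.g. `if (EVP_DigestSignFinal(ctx, hashmacbuf, &res) == 1) *len = (unsigned int)res; else *len = 0;`. `hmac_update` likewise drops the return of `EVP_DigestSignUpdate()`; both functions return void, so a failed MAC computation cannot be reported to the code that compares or sends the tag.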